@@ -192,6 +192,36 @@ lflow_lr_lb_nat_data_handler(struct engine_node *node, void *data)
return true;
}
+bool
+lflow_ls_lbacls_handler(struct engine_node *node, void *data)
+{
+ struct ed_type_ls_lbacls *ls_lbacls_data =
+ engine_get_input_data("ls_lbacls", node);
+
+ if (!ls_lbacls_data->tracked ||
+ !hmapx_is_empty(&ls_lbacls_data->tracked_data.deleted)) {
+ return false;
+ }
+
+ const struct engine_context *eng_ctx = engine_get_context();
+ struct lflow_data *lflow_data = data;
+
+ struct lflow_input lflow_input;
+ lflow_get_input_data(node, &lflow_input);
+
+ if (!lflow_handle_ls_lbacls_changes(eng_ctx->ovnsb_idl_txn,
+ &ls_lbacls_data->tracked_data,
+ &lflow_input,
+ lflow_data->lflow_table)) {
+ return false;
+ }
+
+
+ engine_set_node_state(node, EN_UPDATED);
+
+ return true;
+}
+
void *en_lflow_init(struct engine_node *node OVS_UNUSED,
struct engine_arg *arg OVS_UNUSED)
{
@@ -21,5 +21,6 @@ void en_lflow_cleanup(void *data);
bool lflow_northd_handler(struct engine_node *, void *data);
bool lflow_port_group_handler(struct engine_node *, void *data);
bool lflow_lr_lb_nat_data_handler(struct engine_node *, void *data);
+bool lflow_ls_lbacls_handler(struct engine_node *node, void *data);
#endif /* EN_LFLOW_H */
@@ -39,6 +39,7 @@
#include "lib/ovn-sb-idl.h"
#include "lib/ovn-util.h"
#include "lib/stopwatch-names.h"
+#include "lflow-mgr.h"
#include "northd.h"
VLOG_DEFINE_THIS_MODULE(en_ls_lbacls);
@@ -356,6 +357,7 @@ ls_lbacls_record_create(struct ls_lbacls_table *table,
struct ls_lbacls_record *ls_lbacls_rec = xzalloc(sizeof *ls_lbacls_rec);
ls_lbacls_rec->od = od;
ls_lbacls_record_init(ls_lbacls_rec, od, NULL, ls_pgs);
+ ls_lbacls_rec->lflow_ref = lflow_ref_alloc(od->nbs->name);
hmap_insert(&table->entries, &ls_lbacls_rec->key_node,
uuid_hash(&ls_lbacls_rec->od->nbs->header_.uuid));
@@ -366,6 +368,7 @@ ls_lbacls_record_create(struct ls_lbacls_table *table,
static void
ls_lbacls_record_destroy(struct ls_lbacls_record *ls_lbacls_rec)
{
+ lflow_ref_destroy(ls_lbacls_rec->lflow_ref);
free(ls_lbacls_rec);
}
@@ -31,6 +31,8 @@
#include "lib/ovn-util.h"
#include "lib/stopwatch-names.h"
+struct lflow_ref;
+
struct ls_lbacls_record {
struct hmap_node key_node;
@@ -39,6 +41,8 @@ struct ls_lbacls_record {
bool has_lb_vip;
bool has_acls;
uint64_t max_acl_tier;
+
+ struct lflow_ref *lflow_ref;
};
struct ls_lbacls_table {
@@ -236,11 +236,11 @@ void inc_proc_northd_init(struct ovsdb_idl_loop *nb,
engine_add_input(&en_lflow, &en_sb_multicast_group, NULL);
engine_add_input(&en_lflow, &en_sb_igmp_group, NULL);
engine_add_input(&en_lflow, &en_sb_logical_dp_group, NULL);
- engine_add_input(&en_lflow, &en_ls_lbacls, NULL);
engine_add_input(&en_lflow, &en_northd, lflow_northd_handler);
engine_add_input(&en_lflow, &en_port_group, lflow_port_group_handler);
engine_add_input(&en_lflow, &en_lr_lb_nat_data,
lflow_lr_lb_nat_data_handler);
+ engine_add_input(&en_lflow, &en_ls_lbacls, lflow_ls_lbacls_handler);
engine_add_input(&en_sync_to_sb_addr_set, &en_nb_address_set,
sync_to_sb_addr_set_nb_address_set_handler);
@@ -15747,13 +15747,14 @@ build_ls_lbacls_flows(const struct ls_lbacls_record *ls_lbacls_rec,
ovs_assert(ls_lbacls_rec->od);
build_ls_lbacls_rec_pre_acls(ls_lbacls_rec, ls_pgs, lflows,
- NULL);
+ ls_lbacls_rec->lflow_ref);
build_ls_lbacls_rec_pre_lb(ls_lbacls_rec, lflows,
- NULL);
- build_acl_hints(ls_lbacls_rec, features, lflows, NULL);
+ ls_lbacls_rec->lflow_ref);
+ build_acl_hints(ls_lbacls_rec, features, lflows,
+ ls_lbacls_rec->lflow_ref);
build_acls(ls_lbacls_rec, features, lflows, ls_pgs, meter_groups,
- NULL);
- build_lb_hairpin(ls_lbacls_rec, lflows, NULL);
+ ls_lbacls_rec->lflow_ref);
+ build_lb_hairpin(ls_lbacls_rec, lflows, ls_lbacls_rec->lflow_ref);
}
struct lswitch_flow_build_info {
@@ -16721,6 +16722,45 @@ lflow_handle_lr_lb_nat_data_changes(struct ovsdb_idl_txn *ovnsb_txn,
return true;
}
+bool
+lflow_handle_ls_lbacls_changes(struct ovsdb_idl_txn *ovnsb_txn,
+ struct ls_lbacls_tracked_data *trk_data,
+ struct lflow_input *lflow_input,
+ struct lflow_table *lflows)
+{
+ struct ls_lbacls_record *ls_lbacls_rec;
+ struct hmapx_node *hmapx_node;
+
+ HMAPX_FOR_EACH (hmapx_node, &trk_data->crupdated) {
+ ls_lbacls_rec = hmapx_node->data;
+
+ lflow_ref_clear_lflows(ls_lbacls_rec->lflow_ref, ls_lbacls_rec->od,
+ lflows);
+
+ /* Generate new lflows. */
+ struct ds match = DS_EMPTY_INITIALIZER;
+ struct ds actions = DS_EMPTY_INITIALIZER;
+
+ build_ls_lbacls_flows(ls_lbacls_rec, lflow_input->ls_port_groups,
+ lflow_input->features, lflow_input->meter_groups,
+ lflows);
+
+ ds_destroy(&match);
+ ds_destroy(&actions);
+
+ /* Sync the new flows to SB. */
+ lflow_ref_sync_lflows_to_sb(ls_lbacls_rec->lflow_ref, lflows,
+ ovnsb_txn,
+ lflow_input->ls_datapaths,
+ lflow_input->lr_datapaths,
+ lflow_input->ovn_internal_version_changed,
+ lflow_input->sbrec_logical_flow_table,
+ lflow_input->sbrec_logical_dp_group_table);
+ }
+
+ return true;
+}
+
static bool
mirror_needs_update(const struct nbrec_mirror *nb_mirror,
const struct sbrec_mirror *sb_mirror)
@@ -706,6 +706,7 @@ void northd_indices_create(struct northd_data *data,
struct lflow_table;
struct lr_lb_nat_data_tracked_data;
+struct ls_lbacls_tracked_data;
void build_lflows(struct ovsdb_idl_txn *ovnsb_txn,
struct lflow_input *input_data,
@@ -722,6 +723,10 @@ bool lflow_handle_lr_lb_nat_data_changes(struct ovsdb_idl_txn *,
struct lr_lb_nat_data_tracked_data *,
struct lflow_input *,
struct lflow_table *lflows);
+bool lflow_handle_ls_lbacls_changes(struct ovsdb_idl_txn *,
+ struct ls_lbacls_tracked_data *,
+ struct lflow_input *,
+ struct lflow_table *lflows);
bool northd_handle_sb_port_binding_changes(
const struct sbrec_port_binding_table *, struct hmap *ls_ports,
struct hmap *lr_ports);
@@ -10502,11 +10502,12 @@ check ovn-nbctl --wait=sb ls-lb-add sw0 lb1
check_engine_stats lb_data norecompute compute
check_engine_stats northd norecompute compute
check_engine_stats lr_lb_nat_data norecompute compute
-check_engine_stats lflow recompute nocompute
# A LB applied to a switch/router triggers:
# - a recompute in the first iteration (handling northd change)
# - a compute in the second iteration (handling SB update)
check_engine_stats sync_to_sb_lb recompute compute
+check_engine_stats ls_lbacls norecompute compute
+check_engine_stats lflow norecompute compute
CHECK_NO_CHANGE_AFTER_RECOMPUTE
# Modify the backend of the lb1 vip
@@ -10515,7 +10516,8 @@ check ovn-nbctl --wait=sb set load_balancer lb1 vips:'"10.0.0.10:80"'='"10.0.0.1
check_engine_stats lb_data norecompute compute
check_engine_stats northd norecompute compute
check_engine_stats lr_lb_nat_data norecompute compute
-check_engine_stats lflow recompute nocompute
+check_engine_stats ls_lbacls norecompute compute
+check_engine_stats lflow norecompute compute
check_engine_stats sync_to_sb_lb recompute compute
CHECK_NO_CHANGE_AFTER_RECOMPUTE
@@ -10525,7 +10527,8 @@ check ovn-nbctl --wait=sb clear load_Balancer lb1 vips
check_engine_stats lb_data norecompute compute
check_engine_stats northd norecompute compute
check_engine_stats lr_lb_nat_data norecompute compute
-check_engine_stats lflow recompute nocompute
+check_engine_stats ls_lbacls norecompute compute
+check_engine_stats lflow norecompute compute
check_engine_stats sync_to_sb_lb recompute compute
CHECK_NO_CHANGE_AFTER_RECOMPUTE
@@ -10535,7 +10538,8 @@ check ovn-nbctl --wait=sb lb-add lb1 10.0.0.10:80 10.0.0.3:80
check_engine_stats lb_data norecompute compute
check_engine_stats northd norecompute compute
check_engine_stats lr_lb_nat_data norecompute compute
-check_engine_stats lflow recompute nocompute
+check_engine_stats ls_lbacls norecompute compute
+check_engine_stats lflow norecompute compute
check_engine_stats sync_to_sb_lb recompute compute
CHECK_NO_CHANGE_AFTER_RECOMPUTE
@@ -10545,7 +10549,8 @@ check ovn-nbctl --wait=sb lb-add lb1 10.0.0.20:80 10.0.0.30:8080
check_engine_stats lb_data norecompute compute
check_engine_stats northd norecompute compute
check_engine_stats lr_lb_nat_data norecompute compute
-check_engine_stats lflow recompute nocompute
+check_engine_stats ls_lbacls norecompute compute
+check_engine_stats lflow norecompute compute
check_engine_stats sync_to_sb_lb recompute compute
CHECK_NO_CHANGE_AFTER_RECOMPUTE
@@ -10555,6 +10560,7 @@ check ovn-nbctl --wait=sb ls-lb-del sw0 lb1
check_engine_stats lb_data norecompute compute
check_engine_stats northd recompute nocompute
check_engine_stats lr_lb_nat_data recompute nocompute
+check_engine_stats ls_lbacls recompute nocompute
check_engine_stats lflow recompute nocompute
check_engine_stats sync_to_sb_lb recompute compute
CHECK_NO_CHANGE_AFTER_RECOMPUTE
@@ -10566,7 +10572,8 @@ check ovn-nbctl --wait=sb ls-lb-add sw0 lb1 -- lsp-add sw0 sw0p1
check_engine_stats lb_data norecompute compute
check_engine_stats northd norecompute compute
check_engine_stats lr_lb_nat_data norecompute compute
-check_engine_stats lflow recompute nocompute
+check_engine_stats ls_lbacls norecompute compute
+check_engine_stats lflow norecompute compute
check_engine_stats sync_to_sb_lb recompute compute
CHECK_NO_CHANGE_AFTER_RECOMPUTE
@@ -10685,7 +10692,7 @@ check_engine_stats lb_data norecompute compute
check_engine_stats northd norecompute compute
check_engine_stats lr_lb_nat_data norecompute compute
check_engine_stats ls_lbacls norecompute compute
-check_engine_stats lflow recompute nocompute
+check_engine_stats lflow norecompute compute
check_engine_stats sync_to_sb_lb recompute compute
# Update lb and this should not result in northd recompute
@@ -10693,8 +10700,9 @@ check as northd ovn-appctl -t NORTHD_TYPE inc-engine/clear-stats
check ovn-nbctl --wait=sb set load_balancer . options:bar=foo
check_engine_stats lb_data norecompute compute
check_engine_stats northd norecompute compute
+check_engine_stats lr_lb_nat_data norecompute compute
check_engine_stats ls_lbacls norecompute compute
-check_engine_stats lflow recompute nocompute
+check_engine_stats lflow norecompute compute
check_engine_stats sync_to_sb_lb recompute compute
# Modify the backend of the lb1 vip
@@ -10704,7 +10712,7 @@ check_engine_stats lb_data norecompute compute
check_engine_stats northd norecompute compute
check_engine_stats lr_lb_nat_data norecompute compute
check_engine_stats ls_lbacls norecompute compute
-check_engine_stats lflow recompute nocompute
+check_engine_stats lflow norecompute compute
check_engine_stats sync_to_sb_lb recompute compute
CHECK_NO_CHANGE_AFTER_RECOMPUTE
@@ -10714,7 +10722,8 @@ check ovn-nbctl --wait=sb clear load_Balancer lb1 vips
check_engine_stats lb_data norecompute compute
check_engine_stats northd norecompute compute
check_engine_stats lr_lb_nat_data norecompute compute
-check_engine_stats lflow recompute nocompute
+check_engine_stats ls_lbacls norecompute compute
+check_engine_stats lflow norecompute compute
check_engine_stats sync_to_sb_lb recompute compute
CHECK_NO_CHANGE_AFTER_RECOMPUTE
@@ -10724,7 +10733,8 @@ check ovn-nbctl --wait=sb lb-add lb1 10.0.0.10:80 10.0.0.3:80
check_engine_stats lb_data norecompute compute
check_engine_stats northd norecompute compute
check_engine_stats lr_lb_nat_data norecompute compute
-check_engine_stats lflow recompute nocompute
+check_engine_stats ls_lbacls norecompute compute
+check_engine_stats lflow norecompute compute
check_engine_stats sync_to_sb_lb recompute compute
CHECK_NO_CHANGE_AFTER_RECOMPUTE
@@ -10734,7 +10744,8 @@ check ovn-nbctl --wait=sb lb-add lb1 10.0.0.20:80 10.0.0.30:8080
check_engine_stats lb_data norecompute compute
check_engine_stats northd norecompute compute
check_engine_stats lr_lb_nat_data norecompute compute
-check_engine_stats lflow recompute nocompute
+check_engine_stats ls_lbacls norecompute compute
+check_engine_stats lflow norecompute compute
check_engine_stats sync_to_sb_lb recompute compute
CHECK_NO_CHANGE_AFTER_RECOMPUTE
@@ -10809,7 +10820,8 @@ check ovn-nbctl --wait=sb add logical_switch sw0 load_balancer_group $lbg1_uuid
check_engine_stats lb_data norecompute compute
check_engine_stats northd norecompute compute
check_engine_stats lr_lb_nat_data norecompute compute
-check_engine_stats lflow recompute nocompute
+check_engine_stats ls_lbacls norecompute compute
+check_engine_stats lflow norecompute compute
check_engine_stats sync_to_sb_lb recompute compute
CHECK_NO_CHANGE_AFTER_RECOMPUTE
@@ -10862,7 +10874,8 @@ check ovn-nbctl --wait=sb set logical_switch sw0 load_balancer_group=$lbg1_uuid
check_engine_stats lb_data norecompute compute
check_engine_stats northd norecompute compute
check_engine_stats lr_lb_nat_data norecompute compute
-check_engine_stats lflow recompute nocompute
+check_engine_stats ls_lbacls norecompute compute
+check_engine_stats lflow norecompute compute
check_engine_stats sync_to_sb_lb recompute compute
CHECK_NO_CHANGE_AFTER_RECOMPUTE
@@ -10880,7 +10893,8 @@ check ovn-nbctl --wait=sb ls-lb-add sw0 lb2
check_engine_stats lb_data norecompute compute
check_engine_stats northd norecompute compute
check_engine_stats lr_lb_nat_data norecompute compute
-check_engine_stats lflow recompute nocompute
+check_engine_stats ls_lbacls norecompute compute
+check_engine_stats lflow norecompute compute
check_engine_stats sync_to_sb_lb recompute nocompute
CHECK_NO_CHANGE_AFTER_RECOMPUTE
@@ -10889,7 +10903,8 @@ check ovn-nbctl --wait=sb ls-lb-add sw0 lb3
check_engine_stats lb_data norecompute compute
check_engine_stats northd norecompute compute
check_engine_stats lr_lb_nat_data norecompute compute
-check_engine_stats lflow recompute nocompute
+check_engine_stats ls_lbacls norecompute compute
+check_engine_stats lflow norecompute compute
check_engine_stats sync_to_sb_lb recompute nocompute
CHECK_NO_CHANGE_AFTER_RECOMPUTE
@@ -10917,6 +10932,7 @@ check ovn-nbctl --wait=sb lr-lb-del lr1 lb2
check_engine_stats lb_data norecompute compute
check_engine_stats northd recompute nocompute
check_engine_stats lr_lb_nat_data recompute nocompute
+check_engine_stats ls_lbacls recompute nocompute
check_engine_stats lflow recompute nocompute
check_engine_stats sync_to_sb_lb recompute nocompute
CHECK_NO_CHANGE_AFTER_RECOMPUTE
@@ -10928,7 +10944,8 @@ check ovn-nbctl --wait=sb lb-del lb4
check_engine_stats lb_data norecompute compute
check_engine_stats northd norecompute compute
check_engine_stats lr_lb_nat_data norecompute compute
-check_engine_stats lflow recompute nocompute
+check_engine_stats ls_lbacls norecompute compute
+check_engine_stats lflow norecompute compute
check_engine_stats sync_to_sb_lb recompute compute
CHECK_NO_CHANGE_AFTER_RECOMPUTE
@@ -10939,7 +10956,8 @@ check ovn-nbctl --wait=sb lb-del lb2
check_engine_stats lb_data norecompute compute
check_engine_stats northd norecompute compute
check_engine_stats lr_lb_nat_data norecompute compute
-check_engine_stats lflow recompute nocompute
+check_engine_stats ls_lbacls norecompute compute
+check_engine_stats lflow norecompute compute
check_engine_stats sync_to_sb_lb recompute compute
CHECK_NO_CHANGE_AFTER_RECOMPUTE
@@ -11006,7 +11024,7 @@ check as northd ovn-appctl -t NORTHD_TYPE inc-engine/clear-stats
check ovn-nbctl --wait=sb ls-lb-add sw0 lb1
check_engine_stats lb_data norecompute compute
check_engine_stats northd norecompute compute
-check_engine_stats lflow recompute nocompute
+check_engine_stats lflow norecompute compute
CHECK_NO_CHANGE_AFTER_RECOMPUTE
# Clear the VIPs of lb1
@@ -11014,7 +11032,7 @@ check as northd ovn-appctl -t NORTHD_TYPE inc-engine/clear-stats
check ovn-nbctl --wait=sb clear load_balancer . vips
check_engine_stats lb_data norecompute compute
check_engine_stats northd norecompute compute
-check_engine_stats lflow recompute nocompute
+check_engine_stats lflow norecompute compute
CHECK_NO_CHANGE_AFTER_RECOMPUTE
check as northd ovn-appctl -t NORTHD_TYPE inc-engine/clear-stats